Why does Lets Encrypt email me daily

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:clcmembers.co.uk

I ran this command: N/A

It produced this output:N/A

My web server is (include version):Ubuntu Plesk Obsidian Version 18.0.61 Update #6

The operating system my web server runs on is (include version): Ubuntu 22.04.4 LTS

My hosting provider, if applicable, is:Ionos

I can login to a root shell on my machine (yes or no, or I don't know):Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):Unknown

Could not renew Lets Encrypt certificates for "name withheld" (login xxxxx). Please log in to Plesk and renew the certificates listed below manually. Renewal of the following Lets Encrypt certificates has failed:

** 'Lets Encrypt clcmembers.co.uk' [days to expire: 24] **
[-] *.clcmembers.co.uk
[-] clcmembers.co.uk

My certs will run out and I can renew them but I don't need a reminder every day.
I believe I've switched off the relevant notifications.
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/372867905207.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Incorrect TXT record "not displaying here" found at _acme-challenge.clcmembers.co.uk

Let's Encrypt isn't emailing you every day; the email you're quoting is coming from your system. Either fix the renewal (in which case you won't get error messages any more), or learn how to configure your cron job to not email you. In neither case is this an issue with Let's Encrypt.

6 Likes

Thanks. Yes I understand that, but where do I learn how to edit the cron job please?

2 Likes

The Ubuntu docs, maybe? Or perhaps their forum?

5 Likes


So I think I've found the job. Could you advise what settings are best here please?
Ideally I'd like to know a few days before renewal is up.

I don't understand why it says the detail that it does though. I know when the Certs run out because I'm told that, but I don't want the renewal yet. When it is due, ideally I'd like to only know when it's out or figure out a way to autorenew without getting these errors.

Thanks

1 Like

No, I really can't. For the third time, Let's Encrypt has nothing to do with whatever software you're running that's sending you these emails; there surely are other channels that can provide support for that software.

That is the way Let's Encrypt is intended to work. Since you're requesting a wildcard cert, in order to do this, you need to be able to make automated updates to your DNS records. It seems that process isn't working.

What do you do to renew your cert?

6 Likes

If the certs can be renewed then why is the renewal failing? Let's Encrypt recommends renewal 30 days before expiration and your cert is within 24 days.

If you mean that you don't need this wildcard cert anymore then just delete the profile from your system so you don't continue trying to renew.

Questions about how that script works is best directed to whoever created that script. Was that from your hosting company or some other package?

As an aside, you should correct the below problem in your DNS config (per https://dnsviz.net). I don't know that it is affecting your cert renewal but the name servers should match anyway.
image

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.